The ISC International Journal of Information Security

Abstract Multi-Server Authentication and Key Agreement (MAKA) protocols in 5G networks play a pivotal role in securing communications due to their widespread applications in domains such as drones, cellular networks, and secure communications. We propose a novel and efficient protocol for multi-server authentication and key agreement in 5G networks, based on Elliptic Curve Cryptography (ECC). The proposed protocol is secure against attacks such as user and server impersonation, password guessing, insider attacks, tracking, session key disclosure, replay, denial-of-service, and man-in-the-middle attacks. Additionally, distinctive features such as user anonymity, avoidance of bilinear pairing, key confirmation, perfect forward secrecy, and the ability to perform authentication without an online registration server make the proposed scheme more efficient and secure, compared to previous schemes. Formal analysis using Proverif cryptographic protocol verifier, confirms the protocol’s confidentiality and authentication properties, while its computational and communication efficiency demonstrates relative superiority over comparable schemes. 

Abstract Today, the use of Multi-Server Authenticated Key Agreement (MAKA) schemes has become widespread. In the multiserver authenticated key agreement, each entity registers with a registration server, and the key agreement takes place. After that, based on the desired applications, the user communicates with the application servers and he/she does not need to register with these service providers anymore. There are many protocols introduced for MAKA in different environments such as the 5G and cloud service environments, each one could assure some security features such as confidentiality, authentication and privacy. However, some of these schemes are vulnerable to different attacks. In the current paper, we first study two well-known MAKA schemes called the Wang et al.’s protocol (Wang et al., 2022) and the Palit et al.’s protocol (Palit et al., 2023) and then we propose a server spoofing attack on Wang et al.’s protocol. On the other hand, we show that Palit et al.’s protocol is vulnerable to DoS and desynchronization attacks. We also propose some suggestions to make the schemes resistant to those attacks.

Abstract Today, passive RFID tags have many applications in various fields such as healthcare, transportation, asset management, and supply chain management. In some of these applications, a group of tags need to prove they are present in the same place at the same time. To solve this problem, many protocols have been proposed so far, and each of them has been able to solve some security and performance problems, but unfortunately, many of these protocols have security vulnerabilities or do not have the necessary performance to run on passive RFID tags. In this study, a secure and lightweight protocol for RFID tags grouping proof called LSGPP is proposed. In this protocol, the reader is an untrusted entity, in other words, the protocol is secure even if the reader is hijacked by an attacker. This study shows that the LSGPP protocol is secure against tracking, eavesdropping, replay, concurrency, impersonation, desynchronization, denial of service (DoS), proof forgery, message integrity, man-in-the-middle, secret disclosure, denial of proof (DoP), and unlinkability attacks, and supports anonymity and forward secrecy features. Also, in this study, the notion of RFID reader compromised attack is introduced, and it is shown that, unlike its predecessors, the LSGPP protocol is also secure against this attack. Also, using the Proverif tool, it is shown that the proposed protocol provides confidentiality and authentication features. The LSGPP protocol uses lightweight operations affordable for passive RFID tags and is shown to be compliant with the EPC C1G2 standard.

Abstract In the last two decades bilinear pairings have found many applications in cryptography. Meanwhile identity-based cryptosystems based on bilinear pairings have received particular attention. The IEEE, IETF, and ISO organizations have been working on standardization of pairing-based cryptographic schemes. The Boneh-Franklin identity-based encryption and Sakai-Kasahara identity-based signature are the most well-known identity-based schemes that have been standardized. So far, various schemes have been proposed to reduce the computational overhead of pairing operations. All these schemes are trying to outsource pairing operations in a secure manner. But besides pairing operations, there are other basic and costly operations in pairing-based cryptography and identity-based schemes, including scalar multiplication on elliptic curves. In this research, we outsource the Boneh-Franklin encryption in a more secure and efficient (in terms of computational and communication complexity) way than existing schemes. Also we outsource the BLMQ signature (based on Sakai-Kasahara) scheme for the first time. The proposed schemes are secure in the OMTUP model. Also, unlike previous schemes, we considered communication channels insecure. Moreover, compared with the trivial solution which outsources every single operation (such as pairing, scalar multiplication and modular exponentiation) as a separate subroutine, our schemes offer less complexity by seamlessly outsourcing the whole encryption scheme for the first time.